International Business Machines Corporation

Patent Trials and Appeals Board

Mar 1, 2022

2021000902 (P.T.A.B. Mar. 1, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 16/392,901 04/24/2019 Vincent Burckhardt P201704605US02 4394 138363 7590 03/01/2022 IBM CORP. (Shackelford) c/o Shackelford, Bowen, McKinley & Norton, LLP 9201 N. Central Expressway Fourth Floor DALLAS, TX 75231 EXAMINER NOAMAN, BASSAM A ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 03/01/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): rvoigt@shackelford.law PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte VINCENT BURCKHARDT, ANDRE FISCHER, OLGIERD PIECZUL, JÜRGEN SCHMIDT, and XIAO F. YU ____________________ Appeal 2021-000902 Application 16/392,901 Technology Center 2400 ____________________ Before ROBERT E. NAPPI, MARC S. HOFF, and JOYCE CRAIG, Administrative Patent Judges. NAPPI, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1 through 7. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). According to Appellant, International Business Machines Corporation is the real party in interest. Appeal Br. 1. Appeal 2021-000902 Application 16/392,901 2 INVENTION The invention is directed to managing microservice-based applications where a permissions validator is used to compute effective permissions in response to client requests. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions, and a set of resource permissions. Abstr. Claim 1 is illustrative of the invention and is reproduced below. 1. A computer automated method to support management of an application for clients, the clients being available for use by system actors, and the application providing one or more resources for clients, each resource being associated with at least one application, and each application comprising a plurality of microservices, the method comprising: receiving a request by a client, made under instruction of a system actor, to access a resource in order to perform a function; computing, by a processor, a set of effective permissions in response to the request from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions, the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the resource’s requestable functions for said system actor; and granting or denying, by the processor, the request conditional on the effective permissions being at least a subset of the permissions required to be given by any of the application’s microservices that are needed for the resource being requested. Appeal Br. 43 (Claims App.). Appeal 2021-000902 Application 16/392,901 3 EXAMINER’S REJECTION2 The Examiner has rejected claims 1 through 7 under 35 U.S.C. § 103 as unpatentable over Jones (US 2018/0302391 A1; pub. Oct. 18, 2018) and Lander (US 2017/0331829 A1; pub. Nov. 16, 2017). Final Act. 27-34. ANALYSIS We have reviewed Appellant’s arguments in the Briefs, the Examiner’s rejection, and the Examiner’s response to Appellant’s arguments. Appellant’s arguments have persuaded us of error in the Examiner’s rejection of claims 1 through 7. Appellant presents several arguments with respect to the Examiner’s rejection of independent claim 1. Appeal Br. 3-18. The dispositive issue presented by Appellant’s arguments is did the Examiner err in finding the combination of Jones and Lander teaches “computing, by a processor, a set of effective permissions in response to the request from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions, the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the 2 Throughout this Decision we refer to the Appeal Brief filed July 28, 2020 (“Appeal Br.”); Reply Brief, filed November 17, 2020 (“Reply Br.”); Final Office Action mailed April 9, 2020 (“Final Act.”); and the Examiner’s Answer mailed October 1, 2020 (“Ans.”). Appeal 2021-000902 Application 16/392,901 4 resource’s requestable functions for said system actor” as recited in claim 1? Appeal Br. 4-8. The Examiner finds that Jones teaches the claimed method of computing permissions. Final Act. 29 (citing Jones Fig. 2B, ¶¶ 28-30), Ans. 5- 7 (citing Jones Fig. 2B, ¶¶ 23, 28, 29). Specifically, the Examiner equates the user identity of Jones to the claimed client/user permission; the user roles in Jones to the claimed actor permissions; and the permissions of Jones to the claimed resource permissions. Ans. 5. The Examiner states: A particular user/client and the associated identity is mapped against the associated roles, where the resulting roles are mapped against their associated permissions, resulting into a final mapping, which results into the user associated with a set of permission resources, construed as effective permission. Phrased differently, in terms of Logic gates and Venn diagram, Jone[s]’s disclosure determines the intersection between 1) the particular user of a number of users on clients, 2) associated roles out of a number of roles, and 3) associated permissions out of many permission resources in order to determine the effective permission associated with the particular user. i.e. (Users identity on client ∩ user’s role ∩ permissions). Examiner further asserts that when a user initiates a request to access resources, the ability for the user to be allocated a permission, i.e. effective permission, is based on the computer, computing/ mapping/correlating/determining the intersection of the aforementioned parameters, i.e. the computer determining the user’s identity on a client computer out of many users, roles out of many roles and permissions out of many permissions. Ans. 6-7. We have reviewed the cited teachings of Jones and disagree with the Examiner’s finding that Jones teaches the claimed feature of computing effective permissions from an intersection of a set of client Appeal 2021-000902 Application 16/392,901 5 permissions, a set of resource permissions and actor permissions. Independent claim 1 recites that the effective permission is computed from the intersection of three sets of permissions. Claim 1 further recites “the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the resource’s requestable functions for said system actor.” The Examiner’s analogy shows that Jones determines permissions of a client based upon clients being assigned to roles. However, the Examiner has not cited sufficient evidence to show that Jones teaches that there are three sets of permissions (i.e., a set of permissions assigned to an actor, a set assigned to the client, and a set assigned to the resources), and that the intersection of these three sets is used to compute the effective permissions. Accordingly, we do not sustain the Examiner’s rejection of independent claim 1 or dependent claims 2 through 7 similarly rejected based upon the combination of Jones and Lander. CONCLUSION We reverse the Examiner’s rejection of claims 1 through 7. Appeal 2021-000902 Application 16/392,901 6 DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1-7 103 Jones, Lander 1-7 REVERSED